UBA : User Accessing Risky IP Anonymization

The QRadar® User Behavior Analytics (UBA) app supports use cases based on rules for certain behavioral anomalies.

UBA : User Accessing Risky IP Anonymization (previously called X-Force® Risky IP, Anonymization)

Enabled by default



This rule detect when a local user or host is connecting to an external anonymization service.

Support rules

  • X-Force Risky IP, Anonymization
  • BB:UBA : Common Event Filters

Required configuration

  • Set "Enable X-Force Threat Intelligence Feed" to Yes in Admin Settings > System Settings.
  • Enable the following rule: X-Force Risky IP Anonymization.

Log source types

All supported log sources.